Security
Headlines
HeadlinesLatestCVEs

Tag

#php

TOTOLINK 9.x Command Injection

TOTOLINK version 9.x suffers from a remote command injection vulnerability.

Packet Storm
Open in Source
#vulnerability#windows#google#js#php#acer#auth#firefox
MagnusBilling 7.x Command Injection

MagnusBilling version 7.x suffers from a remote command injection vulnerability.

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the

Peel Shopping 2.x Cross Site Scripting / SQL Injection

Peel Shopping versions 2.x and below 3.1 suffer from cross site scripting and remote SQL injection vulnerabilities. This was already noted discovery in 2012 by Cyber-Crystal but this data provides more details.

ABB Cylon Aspect 3.08.00 (yumSettings.php) Remote Code Execution

The ABB BMS/BAS controller uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.

GHSA-vgxq-6rcf-qwrw: angular-base64-upload vulnerable to unauthenticated remote code execution

angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the `angular-base64-upload/demo/server.php` endpoint. Exploitation of this vulnerability involves uploading arbitrary file content to the server, which can subsequently accessed through the `angular-base64-upload/demo/uploads` endpoint. This leads to the execution of previously uploaded content which enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

ABB Cylon Aspect 3.07.02 user.properties Default Credentials

ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system.

ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access.

TerraMaster TOS 4.2.29 Code Injection / Local File Inclusion

TerraMaster TOS version 4.2.29 suffers from a remote code injection vulnerability leveraging a local file inclusion vulnerability.